How to Remove CryptoNar Ransomware and Decrypt Infected Files

Ransomware is the single most significant threat in the current malware landscape. It has grown to staggering proportions in recent years, with bad actors bagging an estimated $1 billion from ransom payments in 2016. This explains why new variants of ransomware keep popping up like mushrooms. One such variant was the CryptoNar ransomware.

CryptoNar is an offshoot of the CryptoJoker ransomware that hit the web in the summer of 2018. The ransomware encrypts small text files fully and only tampers with the first 1,024 bytes of larger files, encrypting them partially. The ransom demand was relatively humble, with the crooks asking for just $200 in Bitcoin to potentially restore your files. Thankfully, if you have fallen victim to CryptoNar, you will most likely not have to deal with cyber extortion and pay anything. Shortly after the first cases of CryptoNar infections, the ransomware was taken apart by security analysts and a decryptor was put together.

The decryptor is available online as a free download. The only catch here is that you will need to have a copy of at least one of the unencrypted original files. Once you feed the decryptor it with both one encrypted and one unencrypted file, it can start to work its magic and restore your data, given enough time. The default setting will attempt to decrypt all local and networked disk drives.

One thing to keep in mind is that by default the decryptor keeps all encrypted files even after it unscrambles them. This means you should either make sure there is enough disk space to accommodate for what is essentially twice the previously existing data, or deselect the "Keep encrypted files" option. This toggle was put there as a precaution, in case the decryption does not work perfectly fine on some files. Victims of CryptoNar should first try decrypting just a few files to see if the process produces workable results, then proceed with whole disk drives.

A good way to avoid ransomware before it even manages to scramble your files would be to have an up-to-date, robust and fully-featured anti-malware solution. Of course, an anti-malware suite should be able to clean an infected system from the ransomware but will not be able to restore files.